Finding Expired Certificates
11-05-2018 07:48 AM
We run an EAP/TLS wireless network. As such, we have certificates which expire on a regular basis. There is a not very small population of users who never notice that their certificate expired.
I *do* see RADIUS failures in CPPM Access Tracker with the RADIUS alert of:
EAP-TLS: fatal alert by server - certificate_expired
TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session
Is there any easy way to get a report on failed EAP-TLS transactions with a "certificate_expired" message from ClearPass?
Worcester Polytechnic Institute
Re: Finding Expired Certificates
11-05-2018 07:53 AM
Also, we recommend you create a policy rule that looks for certificates that will be expiring in the near term to drop them into a captive portal to re-enroll.
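One way to build the report asked for in the original question is to filter exported Access Tracker records offline for the `certificate_expired` alert. This is an added example, not code from either poster or from ClearPass. The CSV layout and column names (`timestamp`, `username`, `mac`, `alerts`) are assumptions and the sample rows are constructed, so adjust them to match the actual export.

```python
import csv
import io
from collections import defaultdict

ALERT_MARKER = "certificate_expired"  # alert text quoted in the original post

# Constructed sample data. The column names are assumptions, not a
# documented ClearPass export schema.
SAMPLE_CSV = """timestamp,username,mac,alerts
2018-11-05 07:01:12,alice,AA-BB-CC-00-00-01,EAP-TLS: fatal alert by server - certificate_expired
2018-11-05 07:01:40,alice,aa-bb-cc-00-00-01,EAP-TLS: fatal alert by server - certificate_expired
2018-11-05 07:02:03,bob,aa-bb-cc-00-00-02,some other failure (constructed)
2018-11-05 07:05:55,carol,aa-bb-cc-00-00-03,EAP-TLS: fatal alert by server - certificate_expired
2018-11-05 07:06:10,dave,aa-bb-cc-00-00-04,
"""


def expired_cert_report(csv_text):
    """Return (username, mac, count, first_seen, last_seen) per failing client."""
    seen = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Skip successful requests and failures with a different alert.
        if ALERT_MARKER not in (row.get("alerts") or ""):
            continue
        # Normalise MAC case so retries from one device collapse into one row.
        key = (row["username"], row["mac"].lower())
        entry = seen[key]
        entry["count"] += 1
        ts = row["timestamp"]  # "YYYY-MM-DD HH:MM:SS" sorts correctly as text
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    # Clients with the most failures first, then by username.
    return sorted(
        ((u, m, e["count"], e["first"], e["last"]) for (u, m), e in seen.items()),
        key=lambda r: (-r[2], r[0]),
    )


if __name__ == "__main__":
    for user, mac, count, first, last in expired_cert_report(SAMPLE_CSV):
        print(f"{user:10} {mac:20} {count:3}  {first} .. {last}")
```

Grouping by user and device turns repeated retries into one line per client, which gives a list of people to contact about re-enrolling.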